[asterisk-dev] chan_mobile

Martin A. DOnofrio | BITSENSE mdonofrio at bitsense.com.ar
Wed Feb 13 23:04:19 CST 2008


Hello, one questions... problems chan_mobile. Is connected but not pass
audio in mobile.this mobile is Samsung sgh-e256.
Tranks.
Martin A. D´Onofrio 

IT Manager 
Bitsense
(54) 11 1559772677
mdonofrio at bitsense.com.ar
 
CONFIDENCIALIDAD 

 

Este mensaje es confidencial. El mismo puede contener información amparada
por el secreto profesional. Si usted ha recibido este e-mail por error, le
solicitamos lo comunique inmediatamente vía e-mail y tenga la amabilidad de
eliminarlo de su sistema. No deberá copiar el mensaje ni divulgar su
contenido a ninguna persona. Muchas gracias.

 


CONFIDENTIALITY

 

This message is confidential. It may also contain information that is
privileged or otherwise legally exempt from disclosure. If you have received
it by mistake please let us know by e-mail immediately and be kind enough to
delete it from your system; you should also not copy the message nor
disclose its contents to anyone. Thank you.

-----Mensaje original-----
De: asterisk-dev-bounces at lists.digium.com
[mailto:asterisk-dev-bounces at lists.digium.com] En nombre de
asterisk-dev-request at lists.digium.com
Enviado el: Miércoles, 13 de Febrero de 2008 04:00 p.m.
Para: asterisk-dev at lists.digium.com
Asunto: asterisk-dev Digest, Vol 43, Issue 19

Send asterisk-dev mailing list submissions to
	asterisk-dev at lists.digium.com

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.digium.com/mailman/listinfo/asterisk-dev
or, via email, send a message with subject or body 'help' to
	asterisk-dev-request at lists.digium.com

You can reach the person managing the list at
	asterisk-dev-owner at lists.digium.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of asterisk-dev digest..."


Today's Topics:

   1. Re: New manager action: CreateConfig (Tzafrir Cohen)
   2. Re: New manager action: CreateConfig (Benny Amorsen)
   3. Re: New manager action: CreateConfig (Michiel van Baak)
   4. Re: New manager action: CreateConfig (Johan Wilfer)
   5. Re: New manager action: CreateConfig (Maxim Sobolev)
   6. Re: chan_ooh323 patches compatible with codec	negotiation
      patch applied to asterisk 1.4.17 (Ganbold Tsagaankhuu)


----------------------------------------------------------------------

Message: 1
Date: Tue, 12 Feb 2008 20:10:50 +0200
From: Tzafrir Cohen <tzafrir.cohen at xorcom.com>
Subject: Re: [asterisk-dev] New manager action: CreateConfig
To: asterisk-dev at lists.digium.com
Message-ID: <20080212181050.GA24189 at xorcom.com>
Content-Type: text/plain; charset=us-ascii

On Tue, Feb 12, 2008 at 05:39:43PM +0100, Johansson Olle E wrote:
> 
> 12 feb 2008 kl. 17.10 skrev Tzafrir Cohen:
> 
> > On Tue, Feb 12, 2008 at 04:16:48PM +0100, Johansson Olle E wrote:
> >> What happens if I use an argument of "../rc.conf" or "../passwd" ?
> >>
> >> I suggest we filter file name arguments for ".." and "/" in the
> >> arguments of all these configuration actions.
> >
> > You assume the user did not run:
> >
> >  System(ln -s / /etc/asterisk/rootdir)
> >
> > Running Asterisk as root is bad for your health.
> 
> 
> Well, I won't disagree. But that's not a good reason for adding new  
> holes, is it?

Asterisk can today write practically arbitrary data to an arbitrary file
through recording.

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir



------------------------------

Message: 2
Date: Tue, 12 Feb 2008 19:36:36 +0100
From: Benny Amorsen <benny+usenet at amorsen.dk>
Subject: Re: [asterisk-dev] New manager action: CreateConfig
To: asterisk-dev at lists.digium.com
Message-ID: <m3d4r2dnt7.fsf at ursa.amorsen.dk>
Content-Type: text/plain; charset=us-ascii

Johansson Olle E <oej at edvina.net> writes:

> What happens if I use an argument of "../rc.conf" or "../passwd" ?
>
> I suggest we filter file name arguments for ".." and "/" in the  
> arguments of all these configuration actions.

It's very hard to do this securely if users have permission to write
to the same directories. E.g. make sure that you always create new
files, never write to an existing file. (ln /etc/passwd foo,
asterisk writes to foo...) Symlinks are even worse, but easier to
detect.


/Benny





------------------------------

Message: 3
Date: Tue, 12 Feb 2008 20:50:19 +0100
From: Michiel van Baak <michiel at vanbaak.info>
Subject: Re: [asterisk-dev] New manager action: CreateConfig
To: asterisk-dev at lists.digium.com
Message-ID: <20080212195018.GF16887 at vanbaak.info>
Content-Type: text/plain; charset=us-ascii

On 19:36, Tue 12 Feb 08, Benny Amorsen wrote:
> Johansson Olle E <oej at edvina.net> writes:
> 
> > What happens if I use an argument of "../rc.conf" or "../passwd" ?
> >
> > I suggest we filter file name arguments for ".." and "/" in the  
> > arguments of all these configuration actions.
> 
> It's very hard to do this securely if users have permission to write
> to the same directories. E.g. make sure that you always create new
> files, never write to an existing file. (ln /etc/passwd foo,
> asterisk writes to foo...) Symlinks are even worse, but easier to
> detect.

Best would be to only enable this when asterisk is not
running as root, or when it is chrooted.

-- 

Michiel van Baak
michiel at vanbaak.eu
http://michiel.vanbaak.eu
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD

"Why is it drug addicts and computer aficionados are both called users?"




------------------------------

Message: 4
Date: Tue, 12 Feb 2008 21:38:37 +0100
From: Johan Wilfer <johan at wilfer.se>
Subject: Re: [asterisk-dev] New manager action: CreateConfig
To: Asterisk Developers Mailing List <asterisk-dev at lists.digium.com>
Message-ID: <1202848717.5779.9.camel at andromeda>
Content-Type: text/plain


tis 2008-02-12 klockan 17:39 +0100 skrev Johansson Olle E:
> 12 feb 2008 kl. 17.10 skrev Tzafrir Cohen:
> 
> > On Tue, Feb 12, 2008 at 04:16:48PM +0100, Johansson Olle E wrote:
> >> What happens if I use an argument of "../rc.conf" or "../passwd" ?
> >>
> >> I suggest we filter file name arguments for ".." and "/" in the
> >> arguments of all these configuration actions.
> >
> > You assume the user did not run:
> >
> >  System(ln -s / /etc/asterisk/rootdir)
> >
> > Running Asterisk as root is bad for your health.
> 
> 
> Well, I won't disagree. But that's not a good reason for adding new  
> holes, is it?

Wouldn't it be better to focus on having Asterisk run as non-root as the
default? Someone who can summarize the pros and cons? I guess this could
mean a lot to secure the default asterisk configuration..

/Johan





------------------------------

Message: 5
Date: Tue, 12 Feb 2008 13:43:41 -0800
From: Maxim Sobolev <sobomax at sippysoft.com>
Subject: Re: [asterisk-dev] New manager action: CreateConfig
To: Asterisk Developers Mailing List <asterisk-dev at lists.digium.com>
Message-ID: <47B2130D.8040808 at sippysoft.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Johan Wilfer wrote:
> tis 2008-02-12 klockan 17:39 +0100 skrev Johansson Olle E:
>> 12 feb 2008 kl. 17.10 skrev Tzafrir Cohen:
>>
>>> On Tue, Feb 12, 2008 at 04:16:48PM +0100, Johansson Olle E wrote:
>>>> What happens if I use an argument of "../rc.conf" or "../passwd" ?
>>>>
>>>> I suggest we filter file name arguments for ".." and "/" in the
>>>> arguments of all these configuration actions.
>>> You assume the user did not run:
>>>
>>>  System(ln -s / /etc/asterisk/rootdir)
>>>
>>> Running Asterisk as root is bad for your health.
>>
>> Well, I won't disagree. But that's not a good reason for adding new  
>> holes, is it?
> 
> Wouldn't it be better to focus on having Asterisk run as non-root as the
> default? Someone who can summarize the pros and cons? I guess this could
> mean a lot to secure the default asterisk configuration..

+1. There is really no point for it to run as root.

Regards,
-- 
Maksym Sobolyev
Sippy Software, Inc.
Internet Telephony (VoIP) Experts
T/F: +1-646-651-1110
Web: http://www.sippysoft.com



------------------------------

Message: 6
Date: Wed, 13 Feb 2008 17:41:06 +0800
From: "Ganbold Tsagaankhuu" <ganbold at gmail.com>
Subject: Re: [asterisk-dev] chan_ooh323 patches compatible with codec
	negotiation patch applied to asterisk 1.4.17
To: "Asterisk Developers Mailing List" <asterisk-dev at lists.digium.com>
Cc: Asterisk Users Mailing List - Non-Commercial Discussion
	<asterisk-users at lists.digium.com>
Message-ID:
	<8c1a520a0802130141r6c97fbcfgcb8bf8b190be639f at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi all,

It is posted here:

http://bugs.digium.com/view.php?id=11976

Still waiting for the approval.

Please see the notes.

thanks,

Ganbold


On 2/12/08, Johan Wilfer <johan at wilfer.se> wrote:
>
> Ganbold Tsagaankhuu wrote:
> > Hi all,
> >
> > Sorry for cross posting.
> > I attached my chan_ooh323 patches (asterisk-addons-1.4.5) when codec
> > negotiation patch changes applied to asterisk-1.4.17.
> > Please let me know whether my patches are correct or not.
> >
> > thanks in advance,
> >
> > Ganbold
> >
> >
> > ------------------------------------------------------------------------
> >
> > ________
> For licensing issues nobody will be able to use your patch if you don't
> submit it thought the bug tracker at http://bugs.digium.com/
> You will be able to agree to the digium license after you have created
> an account.
> There is also a bug tracker introduction that is useful to read at
> http://asterisk.org/developers/bug-guidelines
>
> Nice work!
> /Johan
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.digium.com/pipermail/asterisk-dev/attachments/20080213/6ea0064b
/attachment-0001.htm 

------------------------------

_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--

asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-dev

End of asterisk-dev Digest, Vol 43, Issue 19
********************************************


__________ Informacisn de NOD32, revisisn 2836 (20080130) __________

Este mensaje ha sido analizado con NOD32 antivirus system
http://www.nod32.com





More information about the asterisk-dev mailing list